summaryrefslogtreecommitdiffstats
path: root/security/integrity/evm
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2022-08-03 00:21:18 +0200
committerLinus Torvalds <torvalds@linux-foundation.org>2022-08-03 00:21:18 +0200
commit043402495deb5ccc3b3479dc69a03f990c41ea8d (patch)
treec8f7908efeabd007011a1a0343ff66bdbc807344 /security/integrity/evm
parentMerge tag 'safesetid-6.0' of https://github.com/micah-morton/linux (diff)
parentMerge remote-tracking branch 'linux-integrity/kexec-keyrings' into next-integ... (diff)
downloadlinux-043402495deb5ccc3b3479dc69a03f990c41ea8d.tar.xz
linux-043402495deb5ccc3b3479dc69a03f990c41ea8d.zip
Merge tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity
Pull integrity updates from Mimi Zohar: "Aside from the one EVM cleanup patch, all the other changes are kexec related. On different architectures different keyrings are used to verify the kexec'ed kernel image signature. Here are a number of preparatory cleanup patches and the patches themselves for making the keyrings - builtin_trusted_keyring, .machine, .secondary_trusted_keyring, and .platform - consistent across the different architectures" * tag 'integrity-v6.0' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity: kexec, KEYS, s390: Make use of built-in and secondary keyring for signature verification arm64: kexec_file: use more system keyrings to verify kernel image signature kexec, KEYS: make the code in bzImage64_verify_sig generic kexec: clean up arch_kexec_kernel_verify_sig kexec: drop weak attribute from functions kexec_file: drop weak attribute from functions evm: Use IS_ENABLED to initialize .enabled
Diffstat (limited to 'security/integrity/evm')
-rw-r--r--security/integrity/evm/evm_main.c52
1 files changed, 23 insertions, 29 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 93e8bc047a73..2e6fb6e2ffd2 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -36,42 +36,36 @@ static const char * const integrity_status_msg[] = {
int evm_hmac_attrs;
static struct xattr_list evm_config_default_xattrnames[] = {
- {.name = XATTR_NAME_SELINUX,
-#ifdef CONFIG_SECURITY_SELINUX
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SELINUX,
+ .enabled = IS_ENABLED(CONFIG_SECURITY_SELINUX)
},
- {.name = XATTR_NAME_SMACK,
-#ifdef CONFIG_SECURITY_SMACK
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACK,
+ .enabled = IS_ENABLED(CONFIG_SECURITY_SMACK)
},
- {.name = XATTR_NAME_SMACKEXEC,
-#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACKEXEC,
+ .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
},
- {.name = XATTR_NAME_SMACKTRANSMUTE,
-#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACKTRANSMUTE,
+ .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
},
- {.name = XATTR_NAME_SMACKMMAP,
-#ifdef CONFIG_EVM_EXTRA_SMACK_XATTRS
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_SMACKMMAP,
+ .enabled = IS_ENABLED(CONFIG_EVM_EXTRA_SMACK_XATTRS)
},
- {.name = XATTR_NAME_APPARMOR,
-#ifdef CONFIG_SECURITY_APPARMOR
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_APPARMOR,
+ .enabled = IS_ENABLED(CONFIG_SECURITY_APPARMOR)
},
- {.name = XATTR_NAME_IMA,
-#ifdef CONFIG_IMA_APPRAISE
- .enabled = true
-#endif
+ {
+ .name = XATTR_NAME_IMA,
+ .enabled = IS_ENABLED(CONFIG_IMA_APPRAISE)
},
- {.name = XATTR_NAME_CAPS,
+ {
+ .name = XATTR_NAME_CAPS,
.enabled = true
},
};